SPIP 3.1.9

CPE Details

SPIP 3.1.9
spip
spip
3.1.9
2019-09-18
11h28 +00:00
2023-03-06
22h18 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:spip:spip:3.1.9:*:*:*:*:*:*:*

Informations

Vendor

spip

Product

spip

Version

3.1.9

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-23659 2024-01-18 23h00 +00:00 SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
6.1
Medium
CVE-2023-52322 2024-01-03 23h00 +00:00 ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
6.1
Medium
CVE-2023-27372 2023-02-28 00h00 +00:00 SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
9.8
Critical
CVE-2023-24258 2023-02-27 00h00 +00:00 SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
9.8
Critical
CVE-2022-28961 2022-05-19 18h26 +00:00 Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
8.8
High
CVE-2022-28960 2022-05-19 18h26 +00:00 A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
8.8
High
CVE-2022-28959 2022-05-19 18h26 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.
6.1
Medium
CVE-2022-26846 2022-03-10 03h58 +00:00 SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
8.8
High
CVE-2022-26847 2022-03-10 03h58 +00:00 SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
5.3
Medium
CVE-2020-28984 2020-11-23 20h48 +00:00 prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
9.8
Critical
CVE-2019-16391 2019-09-17 18h49 +00:00 SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
6.5
Medium
CVE-2019-16392 2019-09-17 18h48 +00:00 SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
6.1
Medium
CVE-2019-16393 2019-09-17 18h48 +00:00 SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
6.1
Medium
CVE-2019-16394 2019-09-17 18h47 +00:00 SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
5.3
Medium
CVE-2019-11071 2019-04-10 18h36 +00:00 SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
8.8
High